search

radius-project / radius

Radius is a cloud-native, portable application platform that makes app development easier for teams building cloud-native apps.
https://radapp.io
Apache License 2.0
1.47k stars 94 forks source link

Investigate private ACR permissions for linking recipes #6374

Closed jasonviviano closed 10 months ago

jasonviviano commented 2 years ago

Parent Issue

https://github.com/project-radius/radius/issues/3919

Objective

Create a private ACR and provide the same credentials to try and deploy.

AB#4003

AB#10659

AaronCrawfis commented 2 years ago

The Service Principal or User-assigned managed identity that has been configured with the Azure Cloud Provider within the Radius Control Plane will need an "ACR Pull" RBAC assignment on the target Azure container registry.

Also of note (not sure if this is how we auth, but throwing it in just in case), you can auth to an ACR registry directly using docker login or oras login with the service principal and secret, you don't need to first get an AAD token. See https://learn.microsoft.com/en-us/azure/container-registry/container-registry-oci-artifacts#sign-in-to-a-registry for more details

AaronCrawfis commented 10 months ago

Dup of #6911